﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using BOSS.Domain.Security;

namespace BOSS.Service.Security
{
    /// <summary>
    /// 安全服务接口
    /// </summary>
    public interface ISecurityService
    {
        #region Windows 系统域相关
        /// <summary>
        /// 同步域信息
        /// </summary>
        //void SyncDomain();

        /// <summary>
        /// 同步域中的角色信息
        /// </summary>
        //void SyncDomainRoles();

        /// <summary>
        /// 同步域中的群组信息
        /// </summary>
        //void SyncDomainGroups();

        /// <summary>
        /// 同步域中的帐号信息
        /// </summary>
        //void SyncDomainAccounts();

        /// <summary>
        /// 同步域中的帐号信息
        /// </summary>
        /// <param name="accountInfo"></param>
        /// <returns></returns>
        //Account SyncAccount(AccountInfo accountInfo);
        #endregion

        /// <summary>
        /// 获取所有权限
        /// </summary>
        /// <returns></returns>
        IList<Privilege> SelectAllPrivileges();

        /// <summary>
        /// 查找指派给指定帐号的动态权限组（动态权限）
        /// </summary>
        /// <param name="account"></param>
        /// <returns></returns>
        PrivilegeGroup GetDynamicPrivileges(Account account);

        /// <summary>
        /// 查询满足给定权限的用户集合（使用动态权限查询，仅查询有效的用户）
        /// </summary>
        /// <param name="privilege"></param>
        /// <returns></returns>
        IList<Account> SelectAccountsByPrivilege(Privilege privilege);

        /// <summary>
        /// 查询拥有给定权限的用户集合（使用动态权限查询，仅查询有效的用户）
        /// </summary>
        /// <param name="privilegeName"></param>
        /// <returns></returns>
        IList<Account> SelectAccountsByPrivilege(string privilegeName);

        /// <summary>
        /// 判断指定帐号是否有相应权限。
        /// 只有参考帐号、参考帐号的各级主管以及获得额外权限的帐号返回 true
        /// </summary>
        /// <param name="accountToBeChecked">待检查的帐号，一般为系统的当前帐号</param>
        /// <param name="referenceAccount">参考帐号，一般为待操作对象的拥有者。可以为 null</param>
        /// <param name="privilegeNames">额外的权限列表。若不指定则不进行权限识别</param>
        /// <returns></returns>
        bool IsAuthorized(Account accountToBeChecked, Account referenceAccount, params string[] privilegeNames);

        /// <summary>
        /// 刷新运行时权限缓存
        /// </summary>
        void FlushRuntimePrivileges();

        /// <summary>
        /// 刷新指定用户的运行时权限缓存
        /// </summary>
        /// <param name="accountId"></param>
        void FlushRuntimePrivileges(int accountId);

        /// <summary>
        /// 尝试用指定的登录名、密码登录系统
        /// </summary>
        /// <param name="loginName"></param>
        /// <param name="password"></param>
        /// <param name="ipAddress"></param>
        /// <returns></returns>
        LoginInfo TryLogin(string loginName, string password, string ipAddress);

        /// <summary>
        /// 尝试远端登录
        /// </summary>
        /// <param name="token"></param>
        /// <param name="ipAddress"></param>
        /// <returns></returns>
        //LoginInfo TryRemoteLogin(string token, string ipAddress);

        /// <summary>
        /// 进行实际登录操作
        /// </summary>
        /// <param name="loginInfo"></param>
        /// <returns></returns>
        string DoLogin(LoginInfo loginInfo);

        /// <summary>
        /// 
        /// </summary>
        /// <param name="clearInvalidTicket"></param>
        /// <returns></returns>
        LoginInfo GetLoginInfo(bool clearInvalidTicket);

        /// <summary>
        /// 注销
        /// </summary>
        void Logout();
    }
}
